Selfish mining is a protocol-level attack on a Proof-of-Work (PoW) blockchain, first formally described by Ittay Eyal and Emin Gün Sirer in 2013. In this strategy, a malicious miner or mining pool that discovers a new block keeps it secret instead of broadcasting it immediately to the network. This allows the selfish miner to start working on the next block in private, creating a private chain that is longer than the public, honest chain known to other participants. The attacker's goal is to invalidate the work of honest miners and claim a revenue share greater than their proportion of the network's total hashrate.
Selfish Mining
What is Selfish Mining?
Selfish mining is a strategic attack on a Proof-of-Work blockchain where a miner or pool withholds newly discovered blocks to gain a disproportionate share of rewards.
The attack unfolds in a sequence of calculated releases. When honest miners find and broadcast a block on the public chain, the selfish miner instantly reveals their longer private chain. According to blockchain consensus rules, nodes adopt the longest valid chain, causing the honest block to be orphaned—discarded along with its block reward. This wastes the computational effort (hash power) of the honest network and allows the selfish miner to collect rewards for multiple blocks at once. The profitability of the attack increases non-linearly; research indicates it can become advantageous for a miner controlling just 25% of the network hashrate, lower than the 51% threshold for a majority attack.
The core impact of a successful selfish mining attack is the centralization of mining power and the erosion of network security. It creates a winner-take-more dynamic that incentivizes miners to join large pools to avoid consistent revenue loss from orphaned blocks, potentially leading to a single entity gaining excessive control. Furthermore, it undermines the fundamental assumption of fair competition in Nakamoto consensus, where rewards are expected to be proportional to contributed work. Defenses against selfish mining often involve modifying the chain selection rule, such as adopting GHOST (Greedy Heaviest Observed Subtree) or other protocols that account for orphaned blocks in determining canonical chain weight.
How the Selfish Mining Attack Works
A technical breakdown of the selfish mining attack, a strategy where a miner withholds newly discovered blocks to gain a disproportionate share of rewards and undermine network security.
Selfish mining is a protocol-level attack on proof-of-work blockchains where a malicious miner or pool, upon discovering a new block, withholds it from the public network to gain an unfair advantage. By keeping this block secret, the attacker creates a private chain fork. Honest miners continue to build on the public chain, unaware of the attacker's longer, hidden chain. The attacker's goal is to extend this private chain in secret, creating a lead over the public chain. This strategy exploits the fundamental longest-chain rule of Nakamoto consensus, where the valid chain is the one with the most cumulative proof-of-work.
The attack unfolds in distinct phases. When the attacker finds a block, they do not broadcast it, creating a one-block lead. If honest miners find the next block on the public chain, the attacker immediately broadcasts their secret block. This creates a tie, or a fork, at the same height. Honest miners will then work on either branch. If the attacker finds the subsequent block on their private chain, they broadcast it, revealing a chain longer than the public one. Honest nodes, following the protocol, will abandon their work and switch to this longer chain, rendering their previous work—and the block rewards it contained—orphaned. The attacker claims all rewards for the blocks on their now-public chain.
The profitability and success of a selfish mining attack depend heavily on the attacker's hashrate share. Research by Ittay Eyal and Emin Gün Sirer, who first formally described the attack in 2013, showed the threshold is lower than the naive 50% assumption. An attacker with more than about 25-33% of the network's total hashrate can profitably execute selfish mining. This is because the attack forces honest miners to waste computational power on orphaned blocks, effectively increasing the attacker's relative reward share. The attack also reduces the overall security of the network by decreasing the time between blocks for honest miners and increasing the rate of forks.
Beyond immediate profit, selfish mining can destabilize the network. Frequent chain reorganizations and orphaned blocks create uncertainty, which can undermine trust in transaction finality. This may discourage honest miners and potentially lead to further centralization, as miners feel pressured to join large pools to avoid being on the losing side of reorganizations. Defenses against selfish mining include protocol modifications like GHOST (Greedy Heaviest-Observed Sub-Tree), which incorporates orphaned blocks into the consensus weight calculation, or altering the block reward scheme to penalize withheld blocks. However, implementing such changes in a live blockchain like Bitcoin presents significant coordination challenges.
Key Characteristics of Selfish Mining
Selfish mining is a protocol-level attack where a miner or pool withholds newly found blocks to gain a disproportionate share of rewards. This strategy exploits the network's consensus rules to create a competitive advantage.
Block Withholding
The core action of a selfish miner is to withhold a newly mined block from the public network. Instead of broadcasting it immediately, the attacker keeps it secret, creating a private fork. This allows them to work on extending this private chain while the honest network continues on the public chain.
- Goal: To invalidate the honest network's work.
- Trigger: The attack begins when the selfish miner finds a block.
Race Condition Exploitation
The attacker leverages the longest chain rule by strategically releasing their private chain. When the honest network publishes a block, the selfish miner immediately releases their longer private chain. Honest nodes, following the protocol, will switch to this longer chain, orphaning the honest block.
- Key Tactic: Creating and winning a block race.
- Result: The attacker claims all block rewards for the private chain, while honest miners waste computational power.
Profitability Threshold
Selfish mining is not profitable for small miners. The attack requires a significant portion of the network's total hash rate to succeed consistently. Academic research, notably by Eyal and Sirer (2013), established a threshold of >25% hash power for the strategy to become profitable against a default Bitcoin client.
- Critical Concept: The attack becomes a Nash equilibrium above this threshold, incentivizing rational miners to adopt it.
- Implication: It threatens network decentralization by encouraging pool consolidation.
Waste of Honest Hash Power
A primary consequence is the systematic waste of computational resources by honest miners. When their blocks are orphaned, the Proof-of-Work expended on them is rendered worthless. This reduces the overall efficiency and security of the network.
- Economic Impact: Increases the cost of honesty for miners.
- Security Degradation: Effectively reduces the network's honest hash power, making it more vulnerable to other attacks like a 51% attack.
Countermeasures & Mitigations
Protocols have developed defenses to reduce the selfish mining incentive. Key mitigations include:
- Ghost Protocol: Adopting a Greedy Heaviest Observed Subtree (GHOST) rule, which considers orphaned blocks in consensus, rewarding miners for stale blocks. This is used in Ethereum's original design.
- Freshness Preferred: Modifying the fork-choice rule to slightly prefer newer blocks, reducing the window for a strategic release.
- Publish or Perish: Penalizing blocks that are not published within a certain time.
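How the GHOST rule above differs from the longest-chain rule on a released private chain, as an added example that is not code from the original page or from any client. The block tree is constructed, every block is assumed to carry equal work, and ties are broken by block name for determinism.

```python
from collections import defaultdict

# Constructed block tree (child -> parent). "H*" blocks were published by
# honest miners and include a natural stale branch (H2b, H3b). "S*" is a
# chain that was withheld and then released in one piece.
PARENT = {
    "H1": "G", "H2a": "H1", "H2b": "H1", "H3a": "H2a", "H3b": "H2b", "H4a": "H3a",
    "S1": "G", "S2": "S1", "S3": "S2", "S4": "S3", "S5": "S4",
}

def children_of(parent):
    """Invert the child -> parent map into parent -> [children]."""
    kids = defaultdict(list)
    for child, par in parent.items():
        kids[par].append(child)
    return kids

def height(block, parent):
    """Number of blocks between this block and the root."""
    h = 0
    while block in parent:
        block = parent[block]
        h += 1
    return h

def longest_chain_tip(parent, root="G"):
    """Nakamoto rule with equal-work blocks: the deepest block wins."""
    blocks = set(parent) | {root}
    return max(sorted(blocks), key=lambda b: height(b, parent))

def subtree_size(block, kids):
    """Blocks in the subtree rooted here; stale siblings are counted too."""
    return 1 + sum(subtree_size(c, kids) for c in kids[block])

def ghost_tip(parent, root="G"):
    """GHOST: at every fork, descend into the child with the heaviest subtree."""
    kids = children_of(parent)
    tip = root
    while kids[tip]:
        tip = max(sorted(kids[tip]), key=lambda c: subtree_size(c, kids))
    return tip

if __name__ == "__main__":
    kids = children_of(PARENT)
    print("honest subtree:", subtree_size("H1", kids), "blocks")
    print("released chain:", subtree_size("S1", kids), "blocks")
    print("longest-chain tip:", longest_chain_tip(PARENT))
    print("GHOST tip:", ghost_tip(PARENT))
```

The released chain is one block longer than any honest chain, so the longest-chain rule adopts it, while GHOST stays on the honest side because the stale branch still counts toward its weight. If the stale branch is removed from the tree, GHOST also selects the released chain, so the rule only helps when the honest work it counts actually exists.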
Related Concepts
Selfish mining is part of a family of protocol-level attacks that exploit economic incentives.
- Time-Bandit Attacks: An extension where an attacker rewrites longer history using accumulated hash power.
- Stubborn Mining: A broader class of strategies that includes withholding blocks and strategically publishing them.
- Nothing-at-Stake Problem: A related issue in Proof-of-Stake systems where validators have no cost to validate on multiple forks.
The Profitability Threshold
A critical metric in blockchain security analysis that determines the conditions under which a selfish mining attack becomes economically rational for a miner.
In the context of selfish mining, the profitability threshold is the minimum fraction of the network's total hashrate a malicious miner must control for the attack to yield a higher expected reward than honest mining. This concept, formalized in the seminal 2013 paper "Majority is not Enough: Bitcoin Mining is Vulnerable" by Ittay Eyal and Emin Gün Sirer, redefined the security assumptions of Nakamoto consensus. It demonstrated that a miner with just over 33% of the hashrate could, in theory, gain a disproportionate share of block rewards by strategically withholding and releasing blocks to orphan the honest chain.
The threshold calculation depends heavily on network propagation delays and the attacker's strategy. The original model established a lower bound of approximately 25% hashrate for profitability under ideal conditions for the attacker, challenging the long-held belief that a 51% attack was the primary security concern. Key variables include the gamma parameter (γ), which represents the fraction of honest miners that will mine on the attacker's chain when a fork is detected. A higher γ, meaning more honest hash power inadvertently supports the attacker's secret chain, significantly lowers the profitability threshold.
This model has profound implications for blockchain security and decentralization. It suggests that Proof-of-Work networks are vulnerable to centralizing forces at lower hashrate concentrations than previously assumed, as a large mining pool could rationally execute a selfish mining strategy to increase its revenue. Consequently, the analysis of the profitability threshold influences protocol design decisions, such as the response rules honest nodes follow during chain conflicts, and underscores the importance of fast block propagation to minimize γ.
Later research has expanded and refined the original selfish mining model. Studies have introduced more sophisticated attack strategies, such as stubborn mining and fork-after-withholding, which can alter the profitability calculus. Furthermore, the model's assumptions are tested in real-world environments with variables like transaction fees, block reward halvings, and the presence of multiple competing pools. These analyses show that while the precise threshold can vary, the core vulnerability—that rational miners can profit by deviating from protocol—remains a fundamental consideration in cryptoeconomic security.
Security Implications & Risks
Selfish mining is a protocol-level attack where a miner or mining pool secretly withholds newly found blocks to gain a disproportionate share of rewards and undermine network security.
The Core Attack Vector
A selfish miner deviates from honest protocol by withholding newly mined blocks, creating a private chain. They release this chain strategically to orphan the blocks of honest miners, wasting their computational work (Proof of Work) and allowing the attacker to claim a revenue share exceeding their actual hash power. This breaks the Nash equilibrium where honest mining is supposed to be the most profitable strategy.
Wasted Work & Increased Centralization
The attack forces honest miners to expend resources on blocks that are ultimately discarded, reducing their effective profitability. This creates a barrier to entry for smaller miners and can incentivize them to join the largest pool (including a potential selfish one) for consistent payouts, leading to increased mining pool centralization and a higher risk of a 51% attack.
Thresholds and Viability
The attack becomes theoretically profitable when the selfish miner controls more than approximately 25% of the network's total hash rate (the exact threshold varies by model). Below this, the cost of maintaining a private chain typically outweighs the gains. This makes the attack a significant concern for smaller Proof of Work blockchains where a single entity could more easily acquire a substantial portion of hash power.
Defense Mechanisms
Protocols can be modified to reduce the attack's profitability. Key defenses include:
- Freshness Preferred: Clients accept the first-seen chain tip, penalizing withheld blocks.
- Publish or Perish: Protocols that penalize late block publication.
- Alternative Consensus: Moving to Proof of Stake or other mechanisms that are not vulnerable to this specific hash power withholding strategy.
Related Concept: Time Bandit Attacks
A selfish mining variant where an attacker with significant past hash power revisits and rewrites older portions of the blockchain. This is only economically rational if the value of stolen transactions (e.g., a large, old UTXO) exceeds the cost of the reorg, highlighting that blockchain finality in Proof of Work is probabilistic and diminishes over time.
Economic vs. Technical Security
Selfish mining demonstrates that blockchain security relies on economic incentives aligning with honest behavior. When a protocol flaw allows deviation from honesty to be profitable, the cryptoeconomic security model fails. This shifts the security analysis from pure hash rate to game theory, requiring constant evaluation of miner incentives under all possible strategies.
Selfish Mining vs. Other Consensus Attacks
A comparison of key characteristics distinguishing Selfish Mining from other major consensus-layer attacks.
| Feature / Metric | Selfish Mining | 51% Attack | Nothing-at-Stake (PoS) | Long-Range Attack (PoS) |
|---|---|---|---|---|
| Primary Consensus Model | Proof-of-Work | Proof-of-Work | Proof-of-Stake | Proof-of-Stake |
| Core Mechanism | Withholding found blocks to orphan honest chain | Outcomputing the honest network's hashrate | Voting on multiple conflicting blocks/histories | Rewriting history from a distant past checkpoint |
| Resource Requirement | | | Stake in multiple competing chains | Compromised old validator keys or cheap stake |
| Primary Goal | Increase miner revenue share | Double-spend or censor transactions | Profit from consensus ambiguity | Rewrite transaction history |
| Attack Stealth | High (can appear as natural luck) | Low (obvious hashrate takeover) | Medium (can be hidden) | High (historical, may be undetected) |
| Defense / Mitigation | Modified fork-choice rules (e.g., GHOST) | Increasing network hashrate decentralization | Slashing conditions, checkpointing | Checkpointing, key rotation, subjective consensus |
| Real-World Occurrence | Theoretical, suspected in practice | Observed on smaller chains | Theoretical, mitigated in modern PoS | Theoretical, primary concern for young PoS chains |
Mitigation Strategies & Defenses
Selfish mining is a protocol-level attack where a miner withholds newly found blocks to gain a disproportionate share of rewards, undermining network security. These strategies aim to detect or disincentivize the behavior.
Freshness Preferred (Bitcoin-NG)
The Bitcoin-NG (Next Generation) protocol decouples leader election from transaction serialization, making selfish mining less profitable. It uses key blocks for leader election and microblocks for transactions. Since microblocks are invalid without the latest key block, a selfish miner cannot create a longer private chain of microblocks, removing the advantage of withholding.
Two-Phase Proof-of-Work (2P-PoW)
Proposed by researchers, this mechanism splits mining into two distinct phases to penalize secrecy.
- Phase 1 (Commit): Miners publish a block commitment (a hash) immediately upon finding a block.
- Phase 2 (Reveal): The full block is revealed later. A selfish miner who withholds a block fails the commitment phase, allowing honest miners to orphan the secret chain, making the attack economically irrational.
Zombie-Block Detection
This is a detection-based mitigation where nodes monitor for zombie blocks—blocks that appear deep in a chain but with a timestamp indicating they were mined much earlier. This timestamp anomaly suggests the block was withheld. Nodes can then apply policies to penalize the miner's subsequent blocks or alert the network, increasing the risk for the attacker.
Forward Security Adjustments
This approach modifies the fork choice rule to reduce the reward for stale blocks. Protocols can implement a penalty that reduces the block reward for blocks that are not published within a certain time window after being mined. This directly attacks the selfish miner's economic incentive by devaluing the blocks they intended to release strategically.
Decoy Publication (Fork +1)
A counter-strategy for honest miners when they suspect selfish mining. Upon discovering a fork, honest miners can intentionally mine and publish a decoy block on top of the selfish miner's last public block. This "Fork +1" tactic can trick the selfish miner into revealing their private chain prematurely to compete, neutralizing their advantage and restoring the honest chain.
Economic & Protocol Deterrence
The most robust defense is designing protocols where selfish mining is never profitable. This involves:
- Accurate modeling of network propagation delays.
- Adjusting confirmation times based on block reception patterns.
- Ensuring the honest mining strategy is a strict Nash equilibrium, meaning no rational miner gains by deviating from it. Ethereum's GHOST protocol and its use of uncle rewards is a partial mitigation in this vein.
Selfish Mining
An explanation of the selfish mining attack, its mechanics, and its profound implications for blockchain security and miner incentives.
Selfish mining is a strategic attack on a Proof-of-Work blockchain where a miner or mining pool secretly mines blocks on a private fork, withholding them from the public network to gain a disproportionate share of rewards and waste the computational power of honest miners. By selectively releasing its private chain, the selfish miner can cause honest miners to abandon their work on the public chain, rendering their efforts—and the associated electricity costs—wasted. This strategy allows the attacker to earn more than its fair share of block rewards relative to its hashrate, undermining the fundamental assumption of fair competition in Nakamoto consensus.
The attack exploits the longest chain rule and network propagation delays. The selfish miner starts by mining blocks in secret. When honest miners find and broadcast a block, the attacker immediately releases its longer private chain, causing the network to adopt it and orphan the honest block. This block withholding forces honest miners to switch to the new chain, discarding their progress. The attacker's advantage grows as its private chain lead increases, allowing it to consistently double-spend transactions and censor transactions from the public mempool, fundamentally breaking the blockchain's security and liveness guarantees.
Proposed by Ittay Eyal and Emin Gün Sirer in 2013, the selfish mining attack revealed a critical vulnerability in Bitcoin's incentive model, demonstrating that the protocol was not incentive-compatible under all conditions. Their research showed that a miner controlling more than 25% of the network's total hashrate could profit from this strategy, a threshold significantly lower than the 51% required for a traditional majority attack. This finding challenged the notion that miners are always incentivized to publish blocks immediately and sparked significant research into consensus algorithm robustness and alternative mechanisms like GHOST (Greedy Heaviest Observed Subtree) to mitigate such time-wasting attacks.
Common Misconceptions
Selfish mining is a theoretical attack vector on proof-of-work blockchains, often misunderstood in its mechanics, profitability, and real-world applicability. This section clarifies the core concepts and addresses frequent points of confusion.
Selfish mining is a strategic attack where a miner or mining pool discovers a new block but withholds it from the public network, secretly mining a longer private chain to gain a disproportionate share of rewards. The attacker works as follows: upon finding a block, they keep it private and continue mining on top of it. When honest miners publish a block at the same height, the attacker immediately releases their longer private chain, causing the honest block to be orphaned. This allows the attacker to collect the full block reward for their chain while wasting the computational effort of the honest network. The core mechanism relies on exploiting the longest chain rule and network propagation delays to invalidate the work of others.
Frequently Asked Questions
Selfish mining is a controversial blockchain attack strategy where a miner or mining pool withholds newly found blocks to gain a disproportionate share of rewards. This section addresses common technical questions about its mechanics, impact, and mitigation.
Selfish mining is a protocol-level attack strategy in proof-of-work blockchains where a miner or mining pool discovers a new block but intentionally withholds it from the public network to gain an unfair advantage. By keeping the block secret, the attacker creates a private chain fork. The attacker then selectively releases blocks from this private chain to invalidate the honest network's work, causing honest miners to waste computational power on orphaned blocks. This allows the selfish miner to capture a block reward share greater than their actual hashing power, undermining the Nakamoto Consensus assumption that miners always broadcast blocks immediately. The strategy was formally described in a 2013 paper by Ittay Eyal and Emin Gün Sirer.